Ignore:
Timestamp:
30 Sep 2012, 20:30:43 (12 years ago)
Author:
Henrik Bettermann
Message:

Add exporter for accesscodes and accesscode batches. Only users with waeup.manageACBatches permission are allowed to use the accecodes exporter.

Location:
main/waeup.kofa/trunk/src/waeup/kofa
Files:
2 added
2 edited

Legend:

Unmodified
Added
Removed
  • main/waeup.kofa/trunk/src/waeup/kofa/browser/pages.py

    r9217 r9261  
    3333    )
    3434from zope.event import notify
     35from zope.security import checkPermission
    3536from zope.securitypolicy.interfaces import IPrincipalRoleManager
    3637from zope.session.interfaces import ISession
     
    13861387        title_name_tuples = [
    13871388            (util.title, name) for name, util in utils]
     1389        # The exporter for access codes requires a special permission.
     1390        if not checkPermission('waeup.manageACBatches', self.context):
     1391            title_name_tuples.remove((u'AccessCodes', u'accesscodes'))
    13881392        return sorted(title_name_tuples)
    13891393
  • main/waeup.kofa/trunk/src/waeup/kofa/browser/tests/test_browser.py

    r9227 r9261  
    2626from zope.component.hooks import setSite, clearSite
    2727from zope.security.interfaces import Unauthorized
     28from zope.securitypolicy.interfaces import IPrincipalRoleManager
    2829from zope.testbrowser.testing import Browser
    2930from waeup.kofa.testing import FunctionalLayer, FunctionalTestCase
     
    213214        return
    214215
     216    def test_export_accesscodes(self):
     217        # Create portal manager and CCOfficer
     218        self.app['users'].addUser('mrmanager', 'mrmanagersecret')
     219        self.app['users']['mrmanager'].email = 'mrmanager@foo.ng'
     220        self.app['users']['mrmanager'].title = 'Carlo Pitter'
     221        # Assign PortalManager role
     222        prmlocal = IPrincipalRoleManager(self.app)
     223        prmlocal.assignRoleToPrincipal('waeup.PortalManager', 'mrmanager')
     224        self.app['users'].addUser('mrofficer', 'mrofficersecret')
     225        self.app['users']['mrofficer'].email = 'mrofficer@foo.ng'
     226        self.app['users']['mrofficer'].title = 'Carlos Potter'
     227        # Assign CCOfficer role
     228        prmlocal.assignRoleToPrincipal('waeup.CCOfficer', 'mrofficer')
     229
     230        # Login as portal manager
     231        self.browser.open('http://localhost/app/login')
     232        self.browser.getControl(name="form.login").value = 'mrmanager'
     233        self.browser.getControl(name="form.password").value = 'mrmanagersecret'
     234        self.browser.getControl("Login").click()
     235
     236        self.browser.open(self.datacenter_path + '/export')
     237        self.assertTrue(
     238            '<option value="accesscodebatches">' in self.browser.contents)
     239        self.assertTrue('<option value="accesscodes">' in self.browser.contents)
     240        self.browser.getControl(name="exporter").value = ['accesscodes']
     241        self.browser.getControl("Create CSV file").click()
     242        job_id = self.wait_for_export_job_completed()
     243        try:
     244            self.browser.getControl("Reload").click()
     245        except LookupError:
     246            pass
     247        self.browser.getControl("Download").click()
     248        self.assertEqual(self.browser.headers['content-type'],
     249                         'text/csv; charset=UTF-8')
     250        self.assertEqual(
     251            'batch_num,batch_prefix,batch_serial,cost,history,owner,'
     252            'random_num,representation,state\r\n',
     253            self.browser.contents)
     254
     255        # Login as officer who is not allowed to download accesscodes
     256        self.browser.open('http://localhost/app/login')
     257        self.browser.getControl(name="form.login").value = 'mrofficer'
     258        self.browser.getControl(name="form.password").value = 'mrofficersecret'
     259        self.browser.getControl("Login").click()
     260
     261        self.browser.open(self.datacenter_path + '/export')
     262        # The CC Officer can see the accesscodebatches exporter ...
     263        self.assertTrue(
     264            '<option value="accesscodebatches">' in self.browser.contents)
     265        # ... but not the accesscodes exporter.
     266        self.assertFalse('<option value="accesscodes">' in self.browser.contents)
     267
    215268    def test_export_discard(self):
    216269        # we can discard a generated export result
Note: See TracChangeset for help on using the changeset viewer.